image: repository: adguard/adguardhome tag: v0.107.33 env: TZ: Europe/Amsterdam ingress: main: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: adguard.dc paths: - path: / pathType: Prefix tls: - secretName: adguard-tls hosts: - adguard.dc service: dns-tcp: enabled: true type: LoadBalancer annotations: metallb.universe.tf/address-pool: dns metallb.universe.tf/allow-shared-ip: adguard ports: dns-tcp: enabled: true port: 53 protocol: TCP targetPort: 5353 externalTrafficPolicy: Local dns-udp: enabled: true type: LoadBalancer annotations: metallb.universe.tf/address-pool: dns metallb.universe.tf/allow-shared-ip: adguard ports: dns-udp: enabled: true port: 53 protocol: UDP targetPort: 5353 externalTrafficPolicy: Local podAnnotations: prometheus.io/scrape: "true" prometheus.io/port: "9617" prometheus.io/path: "/metrics" # See: https://github.com/ebrianne/adguard-exporter additionalContainers: adguard-exporter: image: ebrianne/adguard-exporter:latest env: - name: adguard_protocol value: "http" - name: adguard_hostname value: '127.0.0.1' - name: adguard_username value: "" - name: adguard_password value: "" - name: adguard_port value: "3000" - name: interval value: "10s" - name: log_limit value: "10000" - name: server_port value: 9617 securityContext: privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL configMaps: config: enabled: true data: AdGuardHome.yaml: | bind_host: 0.0.0.0 bind_port: 3000 users: [] auth_attempts: 5 block_auth_min: 15 http_proxy: "" language: en theme: auto debug_pprof: false web_session_ttl: 720 dns: bind_hosts: - 0.0.0.0 port: 5353 anonymize_client_ip: false protection_enabled: true blocking_mode: default blocking_ipv4: "" blocking_ipv6: "" blocked_response_ttl: 10 parental_block_host: family-block.dns.adguard.com safebrowsing_block_host: standard-block.dns.adguard.com ratelimit: 0 ratelimit_whitelist: [] refuse_any: true upstream_dns: - 192.168.1.1 upstream_dns_file: "" bootstrap_dns: - 192.168.1.1 all_servers: false fastest_addr: false fastest_timeout: 1s allowed_clients: [] disallowed_clients: [] blocked_hosts: - version.bind - id.server - hostname.bind trusted_proxies: - 127.0.0.0/8 - ::1/128 cache_size: 4194304 cache_ttl_min: 0 cache_ttl_max: 0 cache_optimistic: false bogus_nxdomain: [] aaaa_disabled: false enable_dnssec: false edns_client_subnet: custom_ip: "" enabled: false use_custom: false max_goroutines: 300 handle_ddr: true ipset: [] ipset_file: "" filtering_enabled: true filters_update_interval: 24 parental_enabled: false safesearch_enabled: false safebrowsing_enabled: false safebrowsing_cache_size: 1048576 safesearch_cache_size: 1048576 parental_cache_size: 1048576 cache_time: 30 rewrites: [] blocked_services: [] upstream_timeout: 10s private_networks: [] use_private_ptr_resolvers: true local_ptr_upstreams: [] use_dns64: false dns64_prefixes: [] serve_http3: false use_http3_upstreams: false tls: enabled: false server_name: "" force_https: false port_https: 443 port_dns_over_tls: 853 port_dns_over_quic: 784 port_dnscrypt: 0 dnscrypt_config_file: "" allow_unencrypted_doh: false certificate_chain: "" private_key: "" certificate_path: "" private_key_path: "" strict_sni_check: false querylog: enabled: true file_enabled: true interval: 168h size_memory: 1000 ignored: [] statistics: enabled: true interval: 7 ignored: [] filters: - enabled: true url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt name: AdGuard DNS filter id: 1 - enabled: true url: https://adaway.org/hosts.txt name: AdAway id: 2 - enabled: true url: https://www.malwaredomainlist.com/hostslist/hosts.txt name: MalwareDomainList.com Hosts List id: 4 - enabled: false url: https://github.com/ppfeufer/adguard-filter-list/blob/master/blocklist?raw=true) name: ppfeufer/adguard-filter-list id: 1680552054 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt name: AdAway Default Blocklist id: 1680552055 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt name: AdGuard DNS filter id: 1680552056 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt name: Dan Pollock's List id: 1680552057 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt name: The NoTracking blocklist id: 1680552058 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt name: WindowsSpyBlocker - Hosts spy rules id: 1680552059 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt name: Phishing URL Blocklist (PhishTank and OpenPhish) id: 1680552060 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt name: Dandelion Sprout's Anti-Malware List id: 1680552061 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt name: Perflyst and Dandelion Sprout's Smart-TV Blocklist id: 1680552062 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt name: Scam Blocklist by DurableNapkin id: 1680552063 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt name: The Big List of Hacked Malware Web Sites id: 1680552064 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt name: Stalkerware Indicators List id: 1680552065 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt name: Malicious URL Blocklist (URLHaus) id: 1680552066 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt name: Steven Black's List id: 1680552067 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt name: Peter Lowe's Blocklist id: 1680552068 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_5.txt name: OISD Blocklist Basic id: 1680552069 - enabled: true url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt name: Dandelion Sprout's Game Console Adblock List id: 1680552070 - enabled: false url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/playstation.txt name: Playstation Network id: 1680552071 - enabled: true url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/xbox.txt name: Xbox id: 1680552072 - enabled: false url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/nintendont.txt name: Nintendont id: 1680552073 whitelist_filters: [] user_rules: [] dhcp: enabled: false interface_name: "" local_domain_name: lan dhcpv4: gateway_ip: "" subnet_mask: "" range_start: "" range_end: "" lease_duration: 86400 icmp_timeout_msec: 1000 options: [] dhcpv6: range_start: "" lease_duration: 86400 ra_slaac_only: false ra_allow_slaac: false clients: runtime_sources: whois: true arp: true rdns: true dhcp: true hosts: true persistent: [] log_file: "" log_max_backups: 0 log_max_size: 100 log_max_age: 3 log_compress: false log_localtime: false verbose: false os: group: "" user: "" rlimit_nofile: 0 schema_version: 17